| 2022-12-25 | CVE-2022-44381 | Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. | 5.3 |
| 2022-12-22 | CVE-2022-26382 | While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. | 4.3 |
| 2022-12-22 | CVE-2022-45403 | Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. | 6.5 |
| 2022-12-22 | CVE-2022-45416 | Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. | 6.5 |
| 2022-12-16 | CVE-2022-20535 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
| 2022-12-16 | CVE-2022-20538 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
| 2022-12-16 | CVE-2022-20559 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
| 2022-12-15 | CVE-2022-46392 | Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. | 5.3 |
| 2022-12-05 | CVE-2022-3907 | Information Exposure Through Discrepancy vulnerability in Clerk Clerk.Io
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. | 7.5 |
| 2022-11-21 | CVE-2022-4087 | Information Exposure Through Discrepancy vulnerability in Ipxe
A vulnerability was found in iPXE. | 4.3 |